Bitcoin Forum
May 24, 2018, 03:16:29 AM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
  Home Help Search Donate Login Register  
  Show Posts
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 [44] 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 »
861  Bitcoin / Bitcoin Discussion / Re: 1BR: Should the block reward be 50 BTC for ages? on: September 14, 2012, 01:29:50 PM
Still, if you "redeem" lost coins, blockchain won't get smaller because of that. Most probably it wil get even bigger.

Not if you combine multiple inputs to one or two outputs which is pretty standard practice. Plus you pay transaction fees for the continued health of the network.

Yes, pruned would be smaller. But correct me if im wrong, pruned chain should be several megabytes of size, so lost coins "bloatness" is negligible anyway.

Pruning removes spent inputs, it doesn't do anything to unspent outputs.
862  Bitcoin / Bitcoin Discussion / Re: 1BR: Should the block reward be 50 BTC for ages? on: September 14, 2012, 12:58:19 PM
As far as I know, lost coins don't increase blockchain size in any way. Only new transactions increase blockchain size.

They don't increase the size, but they do nothing productive and are a waste of everyone's resources. As the value of coins rise, and people die or lose coins or whatever, smaller and smaller outputs will be left stuck in the chain never to be redeemed, never to be forgotten.
863  Bitcoin / Bitcoin Discussion / Re: PayPal set to suspend domestic transactions in Argentina on: September 14, 2012, 12:53:56 PM
They can also recognise encrypted traffic and filter that.

I would hope if this becomes the case that really smart people will come up with ingenious ways of using steganography and other protocol obfuscation to make this harder than catching a greased pig. But AFAIK nobody has made very strong attempts to do this yet as most protocol obfuscation is easily defeated.
864  Alternate cryptocurrencies / Altcoin Discussion / Re: Decrits Proposal: Solution for an unbound, energy-related, stable value currency on: September 14, 2012, 12:46:34 PM
:-) Of course I can back it up with multiples of hashing power. My client will calculate how many spots in the queue I should take and take the optimum amount.


=> if it is not related to IP [number of network members] the reward system becomes reduced to the cost of energy [+ hardware depreciation] as value.

Plus (computer) time, plus a profit margin. Though those margins will probably be diminished because of the coin multiplier. However, this means people mint when the value of currency is too high--the intended design. This is a good thing for something that tries to achieve a stable value, don't you think?
865  Alternate cryptocurrencies / Altcoin Discussion / Re: Decrits Proposal: Solution for an unbound, energy-related, stable value currency on: September 14, 2012, 11:47:12 AM
=> this can be decentralized with some cheat protection
- You can reward the web pages that displayed the add with 50% of income the network with the rest [all owners of coins]

This could result in never-ending inflation that doesn't care about price levels. It would be easy to spam these proofs to yourself and flood the network or what have you. It is not very elegant, unfortunately.

- You can limit the reward for each web page ip so that the advertiser can not cheat by crediting everything to his web page ...

Using external information puts the integrity of the system at risk. I don't want to go off on this tangent, so I'll just leave it as "not a good idea." Sorry. Kiss

If You add rewards for just being part of the network You have an additional problem of fake members [multiple ips] ... the same problem that I would have with proving views / clicks :-)

I see now that you misunderstood the point that markm was making. There is no added reward for using multiple IPs. As I told him, IP addresses don't even come into the equation with creating new money. There is no benefit for joining the queue multiple times unless you can back it up with multiples of hashing power. It is in fact risky because you could see zero return on your 0.2 coin investment if you take too long to provide proofs of work.
866  Alternate cryptocurrencies / Altcoin Discussion / Re: Decrits Proposal: Solution for an unbound, energy-related, stable value currency on: September 14, 2012, 11:09:08 AM
Alternatively You could generate blocks by actually displaying the content if You can proof views.

But you can't. Part of the smart property of bitcoin's coin creation is that it is very hard to produce and very easy to verify. How can anyone prove views? You are relying on someone to say "yeah there were views." There is no decentralized, easy to verify proof.

If You define what is the value in decrits it will be easier to comprehend.

There are a hundred ways to realize the value of a cryptocurrency. Significantly reduced transaction costs; no government or central bank manipulation; difficult to trace transactions; ease of international trade; and so on. As with everything of value, it is given value by those that ascribe value to it. I believe the ability to democratically* and organically control the currency's creation is of significant value. Thus democratic credits. Tongue Bitcoin proponents may not agree.

* social equality, not a reference to the voting system
867  Economy / Economics / Re: cryptocurrencies and monetary supply (growth rates) on: September 14, 2012, 10:50:58 AM
Honestly I don't think these ideas should be applied to bitcoin itself, but rather to a new alt-coin.

Another option I had been thinking of is a "sigmoid" kind of supply function: start with a small block to allow people some time to join, generate a bigger coin base during a big block period (say, 6 months later and going on for a few years), then start reducing the block reward again until some low rate is achieved, or allow a fixed final block reward forever.

This was suggested a long while back and was termed "ease-in, ease-out." Whatever Satoshi's intent with the distribution curve, it is what it is and bitcoin has momentum. I don't think that any alt coin that only changes this property has any chance of competing at this point. In the great grand scheme of things, it is probably not all that usefully different.
868  Bitcoin / Bitcoin Discussion / Re: PayPal set to suspend domestic transactions in Argentina on: September 14, 2012, 10:35:19 AM
F#$% I hate paypal.
869  Alternate cryptocurrencies / Altcoin Discussion / Re: Decrits Proposal: Solution for an unbound, energy-related, stable value currency on: September 14, 2012, 10:30:30 AM
but what improvement do You want to achieve?

The ability to create and unbounded amount of currency without causing general price inflation (or slightly more accurately without any loss of real value due to possible price inflation caused by currency creation).

"BTC is rewarded for solving a mathematical equation that takes substantial amount of computing power to produce". That's it. This explains everything (even if it is not 100% correct).

It also explains everything in the same sense ("not really explained" Wink) in Decrits. There is obviously a lot more going on under the hood in both situations.

Now You have a crazy addition ... after some period You get half of the reward ... A confusing, surprising and definitely not necessary addition [but it helps getting early adopters].

I'm not sure what you mean here or to which part you are referring.

You must be able to present the money generation process in such a short way.

I must also be able to give solid logic and thorough explanations to the people here who will be very critical of anything that isn't directly related to the mostly proven idea of bitcoin's currency creation. This proposal is not here to attract early adopters, it is here to attract scrutiny and discussion and potential for new and better ideas. I will work on dumbing the ideas down to a digestible fashion when people can download and run the software.

You could monetize traffic on web pages. => You proof traffic and get rewarded in "BTC-traffic". The network can than take advantage of this and sell the space you have buy providing it to advertisers that have to burn (destroy) "BTC-traffic" coins to display adds there.

This is not a decentralized solution.
870  Bitcoin / Bitcoin Discussion / Re: Would Hayek have been a fan of Bitcoin? on: September 14, 2012, 10:05:48 AM
"Today I believe that deflation has no recognizable function whatever, and that there is no justification for supporting or permitting a process of deflation."
871  Other / Beginners & Help / Re: Answering Legal Questions for Bitcoins! on: September 14, 2012, 04:37:56 AM
Sounded like a cool idea until you said you were staying anonymous. I can understand you protecting yourself by not being someone's attorney, but how do we even know that you are one in this case?
872  Alternate cryptocurrencies / Altcoin Discussion / Re: Decrits Proposal: Solution for an unbound, energy-related, stable value currency on: September 14, 2012, 04:16:48 AM
Is Decrits meant to be a decentralized solution?

Absolutely. Though I would not be surprised to hear an argument that money = power is more centralized than mining pools and hashing power.

How is the coin minting queue managed? E.g. you say "Once enough minters have joined the queue..."  :  what if there is disagreement about which miners are in the queue or if there are "enough"?

Well the "enough" question is simple because that is part of the protocol. As far as disagreeing, whatever the shareholder says for each transaction block goes. You can think of it like geistgeld if you are familiar where I believe the block target time was around 10 seconds, but there is no competition for creating transaction blocks--only 1 shareholder is allowed to create a block for each specific 10 second window and that's it. I haven't gone much into what happens if a shareholder misses their transaction block because that's a bit hand-wavy at this point.

Like, for example, a node sees blocks 100, 101, then 103 and it enters some kind of safe mode because 102 is missing and transactions can't be guaranteed bad-spend proof (spending more than available in the account balance) until the missing block is resolved (how this will work exactly is the hand-wavy part). It won't particularly affect minters because they don't care about transaction security. And they could start minting at any time or do whatever they want, but a hash of a relatively current transaction block will be part of the data that needs to be hashed, so if they come up with a solution before there are enough minters in the queue, the solution will be invalid and the effort wasted.
873  Bitcoin / Development & Technical Discussion / Re: Crypto question: Breaking ECDSA for all key-pairs simultaneously? on: September 14, 2012, 03:48:28 AM
Being able to tie the owner to multiple addresses will always be a problem, especially now as the standard client is "dumb" when it comes to maintaining that form of anonymity. In the future I'm sure it will be easier to maintain separate pseudo-identities or whatever you want to call them, but taking all of your inputs and sending them to one output will definitely tie them all together. Whether or not that is a concern is up to you.
874  Bitcoin / Bitcoin Discussion / Re: 1BR: Should the block reward be 50 BTC for ages? on: September 14, 2012, 03:39:37 AM
There has not been a hard fork to the protocol. (Unless you're talking about the blockchain irrelevant checksumming of the p2p messages).

what about the 184 billion bitcoins?
875  Bitcoin / Bitcoin Discussion / Re: 1BR: Should the block reward be 50 BTC for ages? on: September 13, 2012, 11:27:43 PM
Not to mention, there is no reason to do it - because there is no need to compensate for lost coins.

There is the never-ending block chain bloat to consider.
876  Alternate cryptocurrencies / Altcoin Discussion / Re: Decrits Proposal: Solution for an unbound, energy-related, stable value currency on: September 13, 2012, 10:38:53 PM
IP addresses are not needed or used for minting under the Decrits proposal. I dropped the "supplynet group" concept of Encoin that worked similarly to p2pool because I felt it would be an avenue for a denial of service attack against creating new money. Part of that idea reduced the effectiveness of things like ASICs because the payouts would not be proportional to hashing power (see: However, it is possible that idea could be re-discussed down the road as it is less data-intensive than the Decrits proposal which is nice (but requires direct communication between group peers, which is not so elegant), but I think in general the 10x coin multiplier obviates the need for non-proportional payouts. Plus it feels like socialism.

Anyways, there is nothing preventing an ASIC from presenting itself as many consumer grade machines. I even mentioned in the OP that one user could join the queue multiple times, but it is risky because they may be selected more than once at the same time and they may lose their initial solution investments if they cannot find solutions within the allotted time frame. Obviously this is not very risky for an ASIC.

There are two avenues for using an ASIC on the network:

1) Playing nice and blending in with an individual queue hash rate along the lines with the rest of the network. Depending on the size and circumstances of the network, this will only be effective as long as it is profitable for the community at large to mine because of the large initial mint block start up cost. One of the risks that I failed to mention in the money creation section was that queued solutions will only be valid for so long and will eventually expire unless a mint block begins within a certain time frame. So if they play nice and whatever, they will make a much better profit than everyone else, but because of the 10x coin multiplier and restrictions on timing and such, the profit is very unlikely to be significant compared to the unsunk costs of purchasing and/or developing the ASIC. Once supply and demand meet, everyone else will drop out and the ASIC will not have enough power to maintain the entire minting process on its own.

Unless the ASIC is an order of magnitude more powerful, which has apparently been proved-in-concept by BFL with a 1TH/s miner. If the network's GDP is large and healthy, even a miner with an order of magnitude more power should still pale in comparison to the amount of work needed to begin a mint block. If the network is small, with the 10x coin multiplier and such it is unlikely to ever see a return on investment, so that brings me to...

2) the possibility that it could be used as an attack on the network to intentionally increase the difficulty, bring up the cost of creating coins and cut out everyone else from being able mine (though probably including itself). I came up with a solution for this though that I recently added to my consciousness stream notes:

ASIC etc. protection: Provide a minimum amount of time to join the mint queue (based on the 10% fee and typical time to create coins). This way even if an ASIC shows up and gets the mint queue full to start a new block immediately, there will be a waiting period where even more can join and thus thwart an insane currency production or increased difficulty by the ASIC user(s) being the only ones in the queue when production begins. I guess this timer will start when the first minter is queued. This does leave the possibility of an ASIC miner just putting one in the queue, waiting for the timer to expire, then mass producing minters. So a slightly more subtle method is required. (Either way, they will only be able to get away with it for one block, after that everyone can get a warning that someone is fucking with the difficulty and join up with the next block to keep things in check by being a big portion of the initial minters.)

Additionally, ASICs are stupid machines. There are tens or hundreds of ways that the hashing algorithm could be slightly modified to render all ASIC designs moot while causing only a slight hiccup to GPU mining. Because of the voting protocol, this could happen transparently and publicly, and the fact that this option exists may simply deter anyone from even trying. I am also thinking of doing a three-way algorithm between SHA2, SHA3, and scrypt, XORed together or something. (this has the additional bonus of completely nullifying any future vulnerability in one of the algorithms.) With the addition of scrypt, from what I understand this will significantly increase the cost of producing ASICs as they will require onboard memory or will have severe hashing penalties.

PS - the groups of forty will be determined at random
877  Bitcoin / Development & Technical Discussion / Re: Crypto question: Breaking ECDSA for all key-pairs simultaneously? on: September 13, 2012, 09:54:07 PM
Please provide a citation for this "fact". There is an attempt underway to calculate discrete logs on a 130-bit elliptic curve over a prime order field. Without some massive algorithmic improvements we're not going to have any chance of attacking 256-bit curves in eight years. I seem to recall that there is some speculation that humankind will never be able to count up to 2^128 let alone perform an attack with such a work factor.


I read a paper on it, though I checked my saved documents and it doesn't appear that I had saved it and I don't remember the author. It was also written more in the sense about symmetric cryptography and how long do you need your data to be secure and such, and backing it up with information regarding moore's law and other factors. 128bit might have been 2030 too, I'm just going from memory which is why I said "or so." 256-bit security is the magical number that would be impossible to count to, though 128 is still pretty significant. But DSAs and SHAs are more prone to vulnerabilities than symmetric cryptography, so how long 128 bits will be secure remains to be seen.
878  Bitcoin / Bitcoin Discussion / Re: 1BR: Should the block reward be 50 BTC for ages? on: September 13, 2012, 08:37:47 PM
Meanwhile, the 5% of miners who stayed with the original Bitcoin blockchain are still happily mining along and keeping transactions moving along, the currency still has value, and people are still making transactions with it.

Well, besides the fact that transactions will take 20 times longer to confirm for 2016 blocks (10 months).  Kiss
879  Alternate cryptocurrencies / Altcoin Discussion / Re: Decrits Proposal: Solution for an unbound, energy-related, stable value currency on: September 13, 2012, 08:02:25 PM
It is not pegged to the cost of energy, more like derived from it as well as hardware costs and time costs. I hesitated to even bring it up again because it was non-stop in the encoin threads about how this wasn't possible, "you can't force the market", blah blah. But it's important to get a sense of how the value of a coin could be derived. With encoin I came up with a tongue-in-cheek phrase that "1 enc costs about 1 enc to produce." Meaning that, long-term, whatever the coin is worth is about what it will cost you to make one.

This can vary when demand outstrips supply in the case of a network expansion, or supply outstrips demand in the case of panic selling or loss of confidence or what have you. But when demand outstrips supply, as the currency production is unbounded, the people can quickly create new currency to return it to the equilibrium level. If supply outstrips demand, an opportunity for arbitrage arises. So, long term, the price should simply oscillate around a common cost to produce.

But this does not directly take into account the many factors that go into this such as the general price of world electricity changing and efficiency gains in hardware, but that is where the ingenuity of the encoin and decrits proposals come in. This was an important, though slightly flawed, step to bringing the possibility of a stable value currency to reality based only on competition between miners.

The current difficulty for creating coins is a value of 100 which causes the average coin to be produced in 50 coin-hours.

 The Network originally had 100% of computers producing coins using 150W of electricity to produce a coin in 50 coin-hours, 50 * 150W or 7.5kWh per coin.

 50% of the computers producing coins now use 125W of electricity while 50% continue to use 150W, while both produce coins at the same rate.


 When the block award returns to 6 coins, the difficulty will be 108.5, or 54.25 coin-hours to make the same coin as before. 54.25 * 137.5W ~ 7.5kWh.

But it was not ideal for several reasons that do not apply to Decrits and I don't want to go off on that tangent.

SO, I will go point by point through the money creation section to explain why everything is the way I proposed it.

  • Money creation starts with a big block of coins available to be minted based on the amount transaction fees over the last year (with a large minimum amount), divided by 12 to get a base line.
This is so that network GDP plays a factor in how difficult it is to begin a new mint block and how much must be mined before the coins are awarded. Because transaction fees are a percentage, this will scale smoothly as the network activity increases.

  • To begin minting coins, minters must put their name into the coin minting queue which must include a proof of work equal to 10% of the standard coin award's value (e.g. if each user is assigned to mint 2 coins, he must give a solution equal to 0.2 coins to join the queue).
This reduces spam to join the mint queue, gives proof that you are capable of finding solutions, gives proof to the network that a lot of hashing power is ready to create coins, and involves a slight risk. It is possible, though unlikely, that you may never get to mint coins for this block. (Bought a fancy ASIC? whoops!)

  • Once enough minters have joined the queue, minting can begin (this formula will be based on the total number of coins available to be minted for this block).
This will likely be when there are enough minters in queue to be assigned 20% of the total coins in the block.

  • When minting begins, the cost of the solution to join the queue will drop to 7.5%, and after a significant portion of the coins have been mined (25% or so), the cost to join will drop to 5%.
This adds to the risk of being among the first to join the queue. It also makes less powerful systems able to join more easily and slow down the production of hyper-efficient minters.

  • When the block begins, only 50% of the queued users will be selected to create coins.
Adds to the risk. The other 50% essentially lost the a battle of luck because now everyone can join for 7.5% instead of 10%.

  • While each minter creates coins individually, they are assigned together with a group of 39 other minters with which they compete. The first 10 users in each group will receive a slight bonus to their award,
The bonus is to encourage increasing the difficulty when it makes sense. If your rig is very efficient, reap the rewards of running at a mh/s that is 10% greater than the network average or so.

  • and once the 10th solution is given, all 10 users will be assigned to new groups to create more coins.
This mitigates risk to the network. You can buy that fancy 1GH/s ASIC, but if you only get ten coins from each block, it is so insanely ridiculously not worth it. In the mean time you spend a lot of time waiting around doing nothing.

  • This process continues for each set of 10 except that the 3rd and the 4th set of 10 are only added back to the queue and not immediately given a new group.
Again encourages increasing the difficulty via competition when it makes sense.

  • Go really slow (over 3 standard deviations or whatever testing seems fair) and you will be booted out of the queue and lose your 0.2 coin investment.
This means an investment like FPGA will have to be large to keep up with the "average" system of GPUs. 1 FPGA won't be enough to keep up, you'll need 10, for example. High startup, zero other utility, encourages using standard PCs and status quo hardware and only upgrading when it is for standard computer upgrading reasons. This reduces the hardware tax on the economy significantly.

  • Coins will not be deposited into the minting accounts until after the entire block of coins has been minted and they will be awarded over time based on the days that the coins were mined
Mitigates risk to the network.

  • The difficulty will be adjusted after each block and given a weighted adjustment based on the last 10(?) difficulty changes.
Mitigates risk by making it very difficult to maliciously increase the difficulty. After 1 mint block of much higher than normal difficulty, everyone will be aware that the difficulty is being manipulated and can join the next queue to de-manipulate it before permanent damage is done. This is because of the next sentence: "Difficulty only goes up, never down."

  • E.g. a 10% increase in difficulty means that a 2.0 coin award would be reduced to about 1.818 coins (100/110% * 2.0)
Mitigates risk, immediately prices in some portion of new hardware efficiency gains, meaning it is less profitable to upgrade hardware for the sole purpose of being better at creating money--reducing/removing the hardware tax again. It is worth discussing whether or not the coin multipliers in the next two sections are reduced by the same amount, meet in the middle, or equal the original coin awards (I like meet in the middle).

  • After the bootstrapping period is over, by default each coin block will be multiplied by 5x to all existing accounts
Mitigates risk in holding currency. Even if new hardware comes out that is 500% more efficient and super cheap etc etc but has the same MH/s output as GPUs, existing holders of currency do not have to run out and buy this hardware just to compensate for the reducing value of their holdings. A new value of the currency will be established (stable long term but chaotic because of unforeseen present conditions), but no one will lose actual value because the more new currency created, the more existing currency is rewarded. It is a balance and it is another hardware tax--you don't get the new coin pie all to yourself. Additionally, it is possible to mitigate the value change of the currency by forcing an increased difficulty after so many mint blocks are created in a row with low difficulty increases and not much prior increase in transaction activity. If, for example, coins were worth about $3 and the new hardware can produce them for $1, rather than tripling everyone's coins over time until a new level was reached, the difficulty could be forced upwards so that maybe it only drops to $2.50 and everyone only gets a 20% increase in coins or so. It would be a form of disinflation I suppose. Something worth discussing, but it does have the potential to be abused. This scenario is also pretty unlikely.

Either way, while this would temporarily upset the economy, once it is accounted for it won't have any lasting effects, and a situation like this should be quite rare.

  • and by 5x as a lottery to transactions
Encourages trade, gets more money in circulation when demand is high

  • What this does is reduce the actual amount of energy spent in creating new money so that the people using the money profit instead of the electric company.
This is significant. Instead of it costing X energy and hardware to create Y amount of currency, it costs X/10 to create the same value in Y currency. This allows for a very quick, very cheap expansion of the money supply to coincide with an expansion in demand for money. It seriously reduces the energy and hardware tax on the network.

I can't type anymore at the moment. I said good day!
880  Bitcoin / Development & Technical Discussion / Re: Crypto question: Breaking ECDSA for all key-pairs simultaneously? on: September 13, 2012, 05:33:42 PM
In this case you now have BTC "in an address" which has a public key published to the block chain. Is that right?

That's right. As far as the best place to learn, I think I learned pretty much everything from reading these boards.  Wink
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 [44] 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 »
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!